In a managed information environment, a network fabric, or infrastructure, interconnects network elements, or nodes, for providing various services to end users that are also connected to the network. In a managed information network, for example, a number of storage arrays are interconnected to provide data storage and retrieval services. The storage arrays connect to other elements such as switches and hosts to efficiently provide the data storage and retrieval services to the users. Further, each storage array includes a set of individual storage devices (e.g. disk drives) that are themselves considered network elements, or entities. The collection of elements defines a configuration of the information network that is often updated to respond to request for changes and/or failure/degradation scenarios in the network, such as for resource expansion and reconfiguration, performance improvements, message traffic redirection, and equipment failures.
In a typical information network, the number of interconnected elements can become large, resulting in a substantial number of relationships and dependencies between the network elements (nodes), the network connections between them, and the applications that are layered over them that consume their resources. Accordingly, a set of rules may be implemented to identify desired or mandatory practices in the network, such as ensuring a redundant link between critical nodes, or mandating deployment of application A on a node with application B, for example. This set of rules defines a policy that network administrators enforce to maintain the network in a predictable and manageable state. However, identifying and verifying compliance of each of the rules across the network may become cumbersome in a large network. Furthermore, the policy including the rules may be driven by external factors, such as corporate directives, security requirements, industry best practices, Federal regulations, as well as vendor supported configurations. Therefore, at any particular site or enterprise, there may be multiple policies to satisfy, each having a plurality of rules in effect.
In the managed information network, therefore, multiple policies proscribing or requiring network practices may be imposed. These policies specify various configuration guidelines, such as requirements for connections between nodes (hosts, network devices), application dependencies for services provided by the nodes, and configurations of individual nodes. Each policy includes a plurality of rules that identifies network elements, or objects (hosts, services, or connections), a scope of the rule identifying which network objects it applies to, and a condition to test for satisfaction of the rule.